[kernel] r9390 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Tue Aug 28 05:52:08 UTC 2007 

Author: dannf
Date: Tue Aug 28 05:52:07 2007
New Revision: 9390

Log:
* aacraid-ioctl-perm-check.dpatch
  [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
  See CVE-2007-4308

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/aacraid-ioctl-perm-check.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Tue Aug 28 05:52:07 2007
@@ -10,8 +10,11 @@
   * dn_fib-out-of-bounds.dpatch
     [SECURITY] Fix out of bounds condition in dn_fib_props[]
     See CVE-2007-2172
+  * aacraid-ioctl-perm-check.dpatch
+    [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+    See CVE-2007-4308
 
- -- dann frazier <dannf at debian.org>  Thu, 12 Jul 2007 23:36:16 -0600
+ -- dann frazier <dannf at debian.org>  Mon, 27 Aug 2007 23:48:41 -0600
 
 kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/aacraid-ioctl-perm-check.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/aacraid-ioctl-perm-check.dpatch	Tue Aug 28 05:52:07 2007
@@ -0,0 +1,31 @@
+From: Alan Cox <alan at lxorguk.ukuu.org.uk>
+Date: Mon, 23 Jul 2007 13:51:05 +0000 (+0100)
+Subject: [SCSI] aacraid: Fix security hole
+X-Git-Tag: v2.6.23-rc2~164^2~24
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=60395bb60e0b5e4e0808ac8eb07a92f6c9cdea1f
+
+[SCSI] aacraid: Fix security hole
+
+On the SCSI layer ioctl path there is no implicit permissions check for
+ioctls (and indeed other drivers implement unprivileged ioctls). aacraid
+however allows all sorts of very admin only things to be done so should
+check.
+
+Signed-off-by: Alan Cox <alan at redhat.com>
+Acked-by: "Salyzyn, Mark" <mark_salyzyn at adaptec.com>
+Signed-off-by: James Bottomley <James.Bottomley at SteelEye.com>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at debian.org>
+
+--- kernel-source-2.6.8/drivers/scsi/aacraid/linit.c.orig	2004-08-13 23:36:56.000000000 -0600
++++ kernel-source-2.6.8/drivers/scsi/aacraid/linit.c	2007-08-27 23:43:48.695216732 -0600
+@@ -462,6 +462,8 @@ static int aac_cfg_open(struct inode *in
+ static int aac_cfg_ioctl(struct inode *inode,  struct file *file,
+ 		unsigned int cmd, unsigned long arg)
+ {
++	if (!capable(CAP_SYS_ADMIN))
++		return -EPERM;
+ 	return aac_do_ioctl(file->private_data, cmd, (void __user *)arg);
+ }
+ 

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1	Tue Aug 28 05:52:07 2007
@@ -1,3 +1,4 @@
 + compat_sys_mount-NULL-data_page.dpatch
 + pppoe-socket-release-mem-leak.dpatch
 + dn_fib-out-of-bounds.dpatch
++ aacraid-ioctl-perm-check.dpatch

More information about the Kernel-svn-changes mailing list